distributed authorization system a netflix case study
play

Distributed Authorization System: A Netflix case study Manish Mehta - PowerPoint PPT Presentation

Jan 24, 2024 •31 likes •501 views

Distributed Authorization System: A Netflix case study Manish Mehta - Chief Security Architect @ Volterra Torin Sandall - Co-founder of Open Policy Agent project - Software Engineer @ Velocity 2018 June 12-14 Manish Mehta Torin Sandall

  1. Distributed Authorization System: A Netflix case study Manish Mehta - Chief Security Architect @ Volterra Torin Sandall - Co-founder of Open Policy Agent project - Software Engineer @ Velocity 2018 June 12-14

  2. Manish Mehta Torin Sandall Senior Security Engineer @ Netflix Co-founder of the OPA project Chief Security Architect @ Volterra Software Engineer @ Styra manish@ves.io @sometorin Projects: @OpenPolicyAgent • Bootstrapping Identities Projects: • Secrets Management • Open Policy Agent • PKI • Kubernetes • Authentication • Istio (security SIG) • Authorization • Likes: Go, Quality, Good abstractions Velocity San Jose '18

  3. Background - Definitions Transfer $1000 from Account X to Account Y Me My Bank 1. Verify the Identity of the Requester (Authentication or AuthN) 2. Verify that the Requestor is authorized to perform the requested operation (Authorization or AuthZ) These 2 steps do not need to be tied together !! Velocity San Jose '18

  4. Background - Netflix Architecture Netflix Backend - Internal Resources Cloud Provider Resources Customer Partner Resources CDN Employee Velocity San Jose '18

  5. Background - Netflix Architecture Netflix Backend - Internal Resources Cloud Provider Resources Customer Partner Resources CDN Employee Velocity San Jose '18

  6. AuthZ Problem A (simple) way to define and enforce rules that read • Identity I • can/cannot perform • Operation O • on • Resource R • For ALL combinations of I , O , and R in the ecosystem. Velocity San Jose '18

  7. Design Considerations Company Culture Implementation Languages •Freedom and Responsibility •Java, Node JS, Python, Ruby, … Resource Types Latency •REST endpoints, gRPC methods, •Call depth and Service rate SSH, Crypto Keys, Kafka Topics, … Flexibility of Rules Identity Types •Hard-coded structure vs. language-based •VM/Container Services, Batch Jobs, Employees, Contractors, … Capture Intent •Did you actually do what you think you did? Underlying Protocols •Don’t just trust, verify !! •HTTP(S), gRPC, Custom/Binary, … Velocity San Jose '18

  8. High-level Architecture Application Ownership Build Manifest DB Policy DB Policy DB Policy Employee Distributor Distributor Portal Aggregator Management System Service A AuthZ Agent Service B Distributor S Distributor Distributor App S Code H AuthZ Agent App Code Velocity San Jose '18

  9. High-level Architecture Application Ownership Build Manifest DB Policy DB Policy Employee Distributor Distributor Portal Aggregator Management System Service A AuthZ Agent Service B Distributor S Distributor Distributor App S Code H AuthZ Agent App Code Velocity San Jose '18

  10. High-level Architecture Application Ownership Build Manifest DB Policy DB Policy Employee Distributor Distributor Portal Aggregator Management System Service A AuthZ Agent Service B Distributor S Distributor Distributor App S Code H AuthZ Agent App Code Velocity San Jose '18

  11. High-level Architecture Application Ownership Build Manifest DB Policy DB Policy Employee Distributor Distributor Portal Aggregator Management System Service A AuthZ Agent Service B Distributor S Distributor Distributor App S Code H AuthZ Agent App Code Velocity San Jose '18

  12. High-level Architecture Application Ownership Build Manifest DB Policy DB Policy Employee Distributor Distributor Portal Aggregator Management System Service A AuthZ Agent Service B Distributor S Distributor Distributor App S Code H AuthZ Agent App Code Velocity San Jose '18

  13. High-level Architecture Application Ownership Build Manifest DB Policy DB Policy Employee Distributor Distributor Portal Aggregator Management System Service A AuthZ Agent Service B Distributor S Distributor Distributor App S Code H AuthZ Agent App Code Velocity San Jose '18

  14. AuthZ Agent Internals AuthZ Agent Open Policy Agent Engine Request Stager Decision API Periodic updates on policies and associated data Updater Velocity San Jose '18

  15. Example Setup Report Authorization Policy Generator 1. Employees can read their own salary and the salary Payroll Service of anyone who reports to /getSalary/* /getSalary/alice Alice them. /getSalary/bob AuthZ Agent Report Generator Job 2. GET should be able to Read all /getSalary/{user} /getSalary/bob users' salaries App Bob Code POST Performance Review 3. /updateSalary/{user} Application should be able to update all users' salaries Performance /updateSalary/* Review Velocity San Jose '18

  16. Open Policy Agent @OpenPolicyAgent @sometorin

  17. What about RBAC? @OpenPolicyAgent @sometorin

  18. RBAC solves XX% of the problem. @OpenPolicyAgent @sometorin

  19. "Restrict employees from accessing "Allow all HTTP requests the service outside of work hours." from 10.1.2.0/24." "Restrict ELB changes to senior "QA must sign-off on images SREs that are on-call." deployed to the production namespace." "Analysts can read client data but PII must be redacted." RBAC is not enough. "Give developers SSH access to machines listed in JIRA tickets assigned to them." "Prevent developers from running containers with privileged security contexts in the production namespace." "Workloads for euro-bank must be deployed on PCI-certified clusters in the EU." @OpenPolicyAgent @sometorin

  20. Service Policy Policy Query Decision OPA is a general-purpose OPA policy engine. Data Policy (JSON) (Rego) @OpenPolicyAgent @sometorin

  21. Service Enforcement Policy Policy Query Decision Decisions are decoupled OPA from enforcement. Data Policy (JSON) (Rego) @OpenPolicyAgent @sometorin

  22. Node Service OPA Evaluate policies locally. ● Daemon (HTTP API) ● Library (Go) ● Service Mesh (Istio) Node Service OPA @OpenPolicyAgent @sometorin

  23. Node Node Fate Sharing ✔ Low latency Service Service OPA OPA ✔ High availability Node Node Host Failures Service OPA Network Node Node Network Partitions Service OPA Network @OpenPolicyAgent @sometorin

  24. Service Policy and data are Policy Policy Query Decision stored in-memory. OPA No external dependencies during enforcement. Data Policy (JSON) (Rego) @OpenPolicyAgent @sometorin

  25. Service Policy Policy Query Decision Declarative Language (Rego) OPA ● Is Identity I allowed to perform Operation O on Resource R? ● What labels must applied to Deployment X? ● Which users can SSH into production servers? Data Policy (JSON) (Rego) @OpenPolicyAgent @sometorin

  26. "Employees can read their own salaries and the salaries of their subordinates." @OpenPolicyAgent @sometorin

  27. "Employees can read their own salaries [...]" @OpenPolicyAgent @sometorin

  28. "Employees can read their own salaries [...]" Input {"method": "GET", "path": ["salaries", "bob"], "user": "bob"} @OpenPolicyAgent @sometorin

  29. "Employees can read their own salaries [...]" Input allow = true { input.method = "GET" {"method": "GET", "path": ["salaries", "bob"], input.path = ["salaries", employee_id] "user": "bob"} input.user = employee_id } @OpenPolicyAgent @sometorin

  30. "Employees can read their own salaries [...]" Input allow = true { input.method = "GET" {"method": "GET", "path": ["salaries", "bob"], input.path = ["salaries", "bob"] "user": "bob"} input.user = "bob" } @OpenPolicyAgent @sometorin

  31. "Employees can read their own salaries [...]" Input allow = true { input.method = "GET" # OK {"method": "GET", "path": ["salaries", "bob"], input.path = ["salaries", "bob"] # OK "user": "bob"} input.user = "bob" # OK } @OpenPolicyAgent @sometorin

  32. "Employees can read their own salaries [...]" Input allow = true { input.method = "GET" {"method": "GET", "path": ["salaries", "bob"], input.path = ["salaries", employee_id] "user": "alice"} input.user = employee_id } "alice" instead of "bob" @OpenPolicyAgent @sometorin

  33. "Employees can read their own salaries [...]" Input allow = true { input.method = "GET" # OK {"method": "GET", "path": ["salaries", "bob"], input.path = ["salaries", "bob"] # OK "user": "alice"} "alice" = "bob" # FAIL } "alice" instead of "bob" @OpenPolicyAgent @sometorin

Recommend

Using Linux perf at Netflix Brendan Gregg Senior Performance Architect Sep 2017 Case Study: ZFS

Using Linux perf at Netflix Brendan Gregg Senior Performance Architect Sep 2017 Case Study: ZFS

Using Linux perf at Netflix Brendan Gregg Senior Performance Architect Sep 2017 Case Study: ZFS is ea/ng my CPU Easy to debug using Ne9lix Vector & flame graphs How I expected it to look: Case Study: ZFS is ea/ng my CPU (cont.)

796 views • 79 slides
Reconstructing Netflix Raghuram SV, Aditya Rao, Kunal Lillaney 600.667 Advanced Distributed

Reconstructing Netflix Raghuram SV, Aditya Rao, Kunal Lillaney 600.667 Advanced Distributed

Reconstructing Netflix Raghuram SV, Aditya Rao, Kunal Lillaney 600.667 Advanced Distributed Systems & Communication Johns Hopkins University Netflix Facts Internet has overtaken cable TV as preferred medium for delivering video content

506 views • 27 slides
Anti-Entropy using CRDTs on HA Datastores Sailesh Mukil Senior Software Engineer, Netflix

Anti-Entropy using CRDTs on HA Datastores Sailesh Mukil Senior Software Engineer, Netflix

Anti-Entropy using CRDTs on HA Datastores Sailesh Mukil Senior Software Engineer, Netflix Timeline Cassandra Multi-region Dynomite adoption 2011 2013 2016 NETFLIX Dynomite Makes non-distributed datastores, distributed NETFLIX

1.14k views • 78 slides
Understanding Issue Correlations: A Case Study of the Hadoop System Jian Huang Xuechen Zhang

Understanding Issue Correlations: A Case Study of the Hadoop System Jian Huang Xuechen Zhang

Understanding Issue Correlations: A Case Study of the Hadoop System Jian Huang Xuechen Zhang Karsten Schwan Why Issue Study Matters? Scalable distributed systems are complex [Yuan et al., OSDI14] Complicated System 2 Why

553 views • 52 slides
Netflix Built Its Own Monitoring System (And You Probably Shouldnt) Roy Rapoport

Netflix Built Its Own Monitoring System (And You Probably Shouldnt) Roy Rapoport

Netflix Built Its Own Monitoring System (And You Probably Shouldnt) Roy Rapoport rsr@netflix.com @royrapoport 6 March 2015 Not So Much About Telemetry I telemetry Architecture track Open Space, 11:30AM, Fleming 3rd Floor

709 views • 56 slides
Distributed File Systems Issues in Distributed File Service Case Studies: Sun

Distributed File Systems Issues in Distributed File Service Case Studies: Sun

CPSC-662 Distributed Computing Distributed File Systems Distributed File Systems Issues in Distributed File Service Case Studies: Sun Network File System Coda File System Web Reading: Coulouris: Distributed

318 views • 12 slides
Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has

Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has

Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has innovation helped to produce a cost effective remedial design? Challenging contaminant profile Taken a traditional / well understood remedial

912 views • 4 slides
Distributed Coordination What makes a system distributed? Time in a distributed system

Distributed Coordination What makes a system distributed? Time in a distributed system

CPSC-410/611: Operating Systems Distr Coord Distributed Coordination What makes a system distributed? Time in a distributed system How do we determine the global state of a distributed system? Event ordering Mutual exclusion

405 views • 12 slides
Distributed Systems Lecture 13 Case study: CORBA Josva Kleist Unit for Distributed Systems and

Distributed Systems Lecture 13 Case study: CORBA Josva Kleist Unit for Distributed Systems and

Distributed Systems Lecture 13 Case study: CORBA Josva Kleist Unit for Distributed Systems and Semantics Aalborg University DS E02 Lec13 1 CORBA main points CORBA consists of generic services as well as a language- independent RMI

351 views • 33 slides
AADL : a radar case study Back to radar case study Goal: to model a simple radar system

AADL : a radar case study Back to radar case study Goal: to model a simple radar system

AADL : a radar case study Back to radar case study Goal: to model a simple radar system Let us suppose we have the following requirements System implementation is composed by physical devices (Hardware entity): 1. antenna + processor +

589 views • 10 slides
Photobioreactor system case-study Tom a s Stan ek Tom a s Stan ek

Photobioreactor system case-study Tom a s Stan ek Tom a s Stan ek

Photobioreactor system case-study Tom a s Stan ek Tom a s Stan ek Photobioreactor system case-study Tom a s Stan ek Photobioreactor system case-study Overal description Various devices with some autonomous logic and

920 views • 48 slides
Course introduction Defining distributed system s A distributed system is one in which

Course introduction Defining distributed system s A distributed system is one in which

Distributed System s Fall 2 0 0 8 Course introduction Defining distributed system s A distributed system is one in which components located at networked computers communicate and coordinate their actions by passing messages. (Coulouris,

579 views • 42 slides
Socially Constructed Trust for Distributed Authorization Steve Barker, Kings College London

Socially Constructed Trust for Distributed Authorization Steve Barker, Kings College London

Socially Constructed Trust for Distributed Authorization Steve Barker, Kings College London Valerio Genovese, University of Torino, Italy Socially Constructed Trust for Distributed Authorization p.1/17 An Approach A common approach to

631 views • 17 slides
Does Distributed Development Affect Software Quality? An Empirical Case Study of Windows Vista

Does Distributed Development Affect Software Quality? An Empirical Case Study of Windows Vista

Does Distributed Development Affect Software Quality? An Empirical Case Study of Windows Vista By C. Bird, N. Nagappan, P. Devanbu, H. Gall, B. Murphy Presented by Tanja Werthmller 1 Overview 1.What is distributed development - What does

412 views • 12 slides
Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably Authorization answers the question who is allowed to do what ? A first step in the development of an access control system is the

651 views • 53 slides
enterprise REST a case study twitter:@BrandonByars the eight fallacies of distributed

enterprise REST a case study twitter:@BrandonByars the eight fallacies of distributed

enterprise REST a case study twitter:@BrandonByars the eight fallacies of distributed programming the network is reliable topology doesnt change latency is zero there is one administrator bandwidth is infinite

659 views • 48 slides
Distributed Systems Just what is a Distributed System? Definitions "A Distributed System

Distributed Systems Just what is a Distributed System? Definitions "A Distributed System

Distributed Systems Just what is a Distributed System? Definitions "A Distributed System is one in which components located at networked computers communicate and coordinate their actions only by passing messages". [Coulouris,

800 views • 42 slides
Distributed Databases 1 19.1 Distributed Database System A distributed database system

Distributed Databases 1 19.1 Distributed Database System A distributed database system

Distributed Databases 1 19.1 Distributed Database System A distributed database system consists of loosely coupled sites that share no physical component Database systems that run on each site are independent of each other

761 views • 42 slides
Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a distributed Definitions implementation of a classical time-sharing model of a file Distributed system - A number of loosely coupled system. machines

997 views • 8 slides
Implementing CRSM Rendezvous Communication for a Distributed Robotic System B. Election Reddy

Implementing CRSM Rendezvous Communication for a Distributed Robotic System B. Election Reddy

Concurrent Languages Fire Bird Platform CRP Rendezvous Rendezvous Implementation Network Problems Case Study: Treasure Hunt Summary Future Work Implementing CRSM Rendezvous Communication for a Distributed Robotic System B. Election Reddy

419 views • 39 slides
Globally Distributed Cloud Applica4ons Adrian Cockcroft @adrianco Netflix Inc.

Globally Distributed Cloud Applica4ons Adrian Cockcroft @adrianco Netflix Inc.

Globally Distributed Cloud Applica4ons Adrian Cockcroft @adrianco Netflix Inc. Abstract Ne+lix on Cloud What, Why and When Globally Distributed Availability Model

1.14k views • 59 slides
The City of Clare, A Case Study A Case Study of Ammonia Reduction in a Lagoon Treatment System

The City of Clare, A Case Study A Case Study of Ammonia Reduction in a Lagoon Treatment System

The City of Clare, A Case Study A Case Study of Ammonia Reduction in a Lagoon Treatment System By John Holland The City of Clare WWTP The Clare WWTP was constructed in 1989. It is one of the few continuous flow through lagoons in

517 views • 24 slides
IoDDoS The Internet of Distributed Denial of Service Attacks A Case Study of the Mirai

IoDDoS The Internet of Distributed Denial of Service Attacks A Case Study of the Mirai

SPAWAR S YSTEMS C ENTER P ACIFIC IoDDoS The Internet of Distributed Denial of Service Attacks A Case Study of the Mirai Malware and IoT-Based Botnets 24-26 April, 2017 Presented at the 2 nd International Conference Presented by Roger

654 views • 20 slides
[537] Distributed Systems Chapters 42 Tyler Harter 11/19/14 File-System Case Studies Local -

[537] Distributed Systems Chapters 42 Tyler Harter 11/19/14 File-System Case Studies Local -

[537] Distributed Systems Chapters 42 Tyler Harter 11/19/14 File-System Case Studies Local - FFS : Fast File System - LFS : Log-Structured File System Network - NFS : Network File System - AFS : Andrew File System File-System Case

1.57k views • 115 slides

More recommend